The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture.
Resolved an issue that prevented the policy remediation from working properly for VM Insights and Change Tracking policies. The root cause was the insufficient access granted to the Managed Identity that performs the remediation task. To solve the problem, we granted the Policy Assignments in the Landing Zone Management the permission to read the Platform Management Group.
This PR fixes/adds/changes/removes
Adds Role Assignments to VMInsights Policies at LZs MG granting rbacReader on Platform MG
Adds Role Assignments to ChangeTracking Policies at LZs MG granting rbacReader on Platform MG
Adds Role Assignments to Azure Update Manager Policies, granting rbacManagedIdentityOperator at the same scope as the assignment.
Breaking Changes
None
Testing Evidence
Deployment
Compliance Monitoring
Compliance Change Tracking
Compliance Azure Update Manager
Testing URLs
Azure Public
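The access gap described in the summary can be modelled as a small audit, shown here as an added example that is not code from this PR or its repository: it checks whether each policy assignment's managed identity holds the role it needs at the scope it needs, treating RBAC grants as inherited downward through management groups. The management group names, identity names and the "before" grants are constructed assumptions; only the roles and target scopes (Reader on the Platform MG, Managed Identity Operator at the assignment scope) come from the PR text.

```python
# Constructed management group hierarchy (child -> parent); names are placeholders.
PARENT = {"root": None, "platform": "root", "landingzones": "root",
          "corp": "landingzones"}

def scope_chain(mg):
    """Return mg plus every management group above it."""
    chain = []
    while mg is not None:
        chain.append(mg)
        mg = PARENT[mg]
    return chain

def has_role(role_assignments, principal, role, scope):
    """A grant applies at its own scope and below, never at a sibling scope."""
    chain = set(scope_chain(scope))
    return any(p == principal and r == role and s in chain
               for p, r, s in role_assignments)

def missing_grants(policy_assignments, role_assignments):
    """List (assignment, role, scope) needs the remediation identity lacks."""
    return [(pa["name"], role, scope)
            for pa in policy_assignments
            for role, scope in pa["needs"]
            if not has_role(role_assignments, pa["principal"], role, scope)]

# Constructed policy assignments at the Landing Zones MG; "needs" mirrors the PR.
POLICY_ASSIGNMENTS = [
    {"name": "vminsights", "principal": "mi-vminsights",
     "needs": [("Reader", "platform")]},
    {"name": "changetracking", "principal": "mi-changetracking",
     "needs": [("Reader", "platform")]},
    {"name": "updatemanager", "principal": "mi-updatemanager",
     "needs": [("Managed Identity Operator", "landingzones")]},
]

# Assumed "before" state: grants only at the assignment's own scope.
BEFORE = [("mi-vminsights", "Reader", "landingzones"),
          ("mi-changetracking", "Reader", "landingzones")]

# "After" state: the three role assignments this PR describes.
AFTER = BEFORE + [
    ("mi-vminsights", "Reader", "platform"),
    ("mi-changetracking", "Reader", "platform"),
    ("mi-updatemanager", "Managed Identity Operator", "landingzones"),
]

if __name__ == "__main__":
    for label, grants in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_grants(POLICY_ASSIGNMENTS, grants))
```

Run against an export of real role assignments, the same check flags remediation identities whose grants stop at the assignment scope before a remediation task fails.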